Comodo is making my programs hang when they try to go outside the network.

I created a Predefined Policy called Loopback ONLY.

  • Allow TCP or UDP From IP in [192.168.1.1 - 192.168.255.255] to IP in [192.168.1.1 - 192.168.255.255]
  • Allow Access to Loopback Zone (in and out - TCP or UDP)
  • Block on non-matching requests on IP from Address Any to Address Any

Now, when I apply this to Firefox, I can get to my internal network, but not out to the internet. This is as expected.

However, if I open a new tab, tell it to browse to www.google.com and then go back to the first tab and tell it to browse to an internal server… the entire application freezes up. None of the tabs will go anywhere. Windows repeatedly asks me if I want to close Firefox, since it’s not responding.

This is NOT good! I want the firewall to restrict operation, NOT divvy out capital punishment to offending programs! I tried this with Chrome also, with the same effect.

Can anyone tell me how to get the firewall to stop killing my apps completely if they try to get out to the internet?

I’m unable to recreate the problem here; however, if you’re using a net mask of 255.255.255.0, I’d change the IP address range from

192.168.1.255/192.168.255.255
to
192.168.1.255/192.168.1.255

The latter covers a single subnet as opposed to the former, which covers multiple subnets. Better still, create a Network zone for your LAN subnet - you may already have one, as CIS tends to create these automatically - and use that in the rule.

Just to make sure we’re on the same page, these are the rules I created to test; please correct if incorrect:

Application - firefox.exe
Action - Allow
Protocol - TCP or UDP
Direction - Out
Source Address - 192.168.1.255 - 192.168.255.255
Destination Address - 192.168.1.255 - 192.168.255.255
Source Port - Any
Destination Port - Any

Action - Allow
Protocol - TCP or UDP
Direction - In and Out
Source Address - Any
Destination Address - Loopback Zone
Source Port - Any
Destination Port - Any

Action - Block
Protocol - IP
Direction - Out
Source Address - Any
Destination Address - Any
IP Details - Any

I was also unable to recreate the issue. What version of Windows and 32 or 64 are you running? Also, what version of Firefox are you running? What plugins?

You could also try creating a Zone with your range and then making your rules specifying the zones. May not work but worth a shot. What happens if you do the same in Internet Exploiter? Have you tried browsing in the same tab without creating new ones to see if the problem still exists?
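
An added example, not part of any post in this thread: a model of the three rules from the first post, showing what the range 192.168.1.1 - 192.168.255.255 covers and which rule a connection hits. It assumes top-down, first-match evaluation and a Loopback Zone of 127.0.0.0/8; the function names and sample addresses are constructed for illustration.

```python
import ipaddress

# Range from the first post's allow rule.
LAN_FIRST = ipaddress.ip_address("192.168.1.1")
LAN_LAST = ipaddress.ip_address("192.168.255.255")
# Assumption: the Loopback Zone is 127.0.0.0/8.
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def in_range(addr, first=LAN_FIRST, last=LAN_LAST):
    return first <= addr <= last


def evaluate(src, dst):
    """Assumed top-down, first-match evaluation of the three rules."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if in_range(s) and in_range(d):
        return ("allow", "LAN range")
    if d in LOOPBACK:
        return ("allow", "Loopback Zone")
    return ("block", "non-matching")


def range_as_cidrs(first=LAN_FIRST, last=LAN_LAST):
    """Express the start-end range as the minimal list of CIDR blocks."""
    return list(ipaddress.summarize_address_range(first, last))


def subnets_touched(first=LAN_FIRST, last=LAN_LAST, prefix=24):
    """Count the distinct /prefix subnets that the range overlaps."""
    shift = 32 - prefix
    return (int(last) >> shift) - (int(first) >> shift) + 1


if __name__ == "__main__":
    # Constructed sample connections (203.0.113.5 is a documentation address).
    for src, dst in [("192.168.1.10", "192.168.1.20"),
                     ("192.168.1.10", "203.0.113.5"),
                     ("192.168.0.10", "192.168.0.1"),
                     ("127.0.0.1", "127.0.0.1")]:
        print(src, "->", dst, evaluate(src, dst))
    print(len(range_as_cidrs()), "CIDR blocks,", subnets_touched(), "/24 subnets")
```

Addresses in 192.168.0.x fall outside the range as written, so a LAN on 192.168.0.0/24 would hit the block rule in this model.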